P3WG Plenary Meeting 04 October 2012
P3WG Meeting 4 October 2012
Date and Time
- Date: Thursday, 4 October 2012
- Time: 08:00 PT | 11:00 ET | 15:00 UTC (time chart)
- Dial in info:
Skype: +99051000000481 North American Dial-In: +1-805-309-2350
Conference ID: 402-2737
Agenda
- Administration:
- Roll Call
- AOB
Face to Face meeting in Washington
Date and Time
- Date: Thursday, 04 September 2012
- Time: 08:00 PT | 11:00 ET | 15:00 UTC (time chart)
- Dial in info: Skype: +99051000000481 North American Dial-In: +1-805-309-2350 Conference ID: 402-2737
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes for approval
...
...
2. Privacy Assessment Criteria
...
3. AOB
Face to face meeting in Washington, DC
4. Adjourn
Attendees
Voting (4 of 7) – quorum achieved
- Bill Braithwaite
- Mark Lizar
- Anna Slomovic
- Colin Soutar
...
- Quorum is 4 of 7
Non-votingVoting
- Peter Capek
- Gershon Jannsen
- Jeff Stollman
- Colin Wallis
...
Minutes
...
P3WG Meeting Minutes 2012-09-06
& Notes
Administration
Motion for minutes -
Motion to approve by Anna; Bill seconds; no discussion, minutes approved by unanimous consent
Discussion
2. Privacy Assessment Criteria
Termination.
Jeff – how can you enforce this?
...
At the time of accreditation, the CSP must provide to the accreditor the process that it would use to notify Changes of Services, along with an example. The notification should include the following: indication that the changes should be clearly highlighted; and the Subject is given the option to continue participation or to terminate, in which case the Subject’s PII are deleted.
Attendees
- Colin Soutar
- Susan Landau
- Ann Geyer
- Anna Slomovic
- Mark Lizar
Quorum is 4 of 7 as of 23 August 2012.
Staff:
- Heather Flanagan (scribe)
Non-Voting
- Thomas Smedinghoff
- Nathan Faut
- Jeff Stollman
- Gershon Janssen
Apologies:
- Bill Braithwaite
Minutes & Notes
Administration
Motion for minutes -
Motion to approve by Anna; Jeff seconds; no discussion, minutes approved by unanimous consent
Presentation
Presenter: Gershon Janssen, Secretary, OASIS Privacy Management Reference Model Technical Committee Topic: OASIS Privacy Management Reference Model
Introduction to PMRM - Kantara P3WG.pdf
- Q&A
- (Anna) question about scope of specifications - what about actually understanding what policies must be complied with? what about how to verify/connect to systems to verify that conditions are met for the policies? (Gershon) regarding understanding what policies and their interpretations, yes, that is somewhat out of scope though there is a glossary which may help; regarding verify items, it depends on how you mold this within your own system, specific services provide means to analyze what you need to do what to adhere to the policies, but we are not providing the mechanisms; (Susan) regarding the second question, relevance to an ongoing investigation would be out of scope for a PMRM standard; that must be decided by legal people; (Anna) meant more like an API not a human policy
- (Jeff) this seems basically to be a methodology tailored to a specific implementation. Concern with that approach is that everyone will create their own systems for various use cases which will be internally consistent but will expose bits of information enough to allow for significant correlation of data. Is there any plan to incorporate a larger scope for correlation? (Susan) that's a law and policy, not a technical, and is far out of scope of PMRM; (Gershon) did not get in to enough detail to really be able to define this kind of problem; need more detailed use cases; (Ann) we have been using this time of reference model to drive a privacy architecture in our environment, and its been a very hard sell to get technology people to understand why it is needed and unique, and it sticks to the questions under discussion - the PMRM are good for driving for conversations within an organization
Discussion
- Privacy Assessment Criteria
- Email from Ann Geyer to P3WG list:
...
.
...
- agreement that this point must be captured
...
Call closes @ 12:06 EDT